Georgia Institute of Technology - Scheller College of Business
A good deal of recent attention has focused on the potential for "self-regulation" on the Internet and more generally. This article proposes a general framework for deciding among markets, self-regulation and government enforcement in the protection of personal information. Self-regulation is tempting because of failures in a pure market or pure government approach. The article defines self-regulation, noting that it has the same separation of powers components (legislation, enforcement, adjudication) as traditional law. The case for self-regulation is based on: industry expertise; the creation and enforcement of industry norms of behavior; increase in reputational capital of the industry; improvement of technical standards; and the possibility that the risk of government action will lead to desirable self-regulation. Each of these potential benefits, however, may prove unpersuasive in a particular setting. Self-regulation may also promote cartel behavior or disfavor consumers or other groups not included in the "self." The paper concludes with a set of empirical questions to explore in any given choice among market, self-regulatory, and government approaches.